Proceedings Article (DOI)
All your contacts are belong to us: automated identity theft attacks on social networks
Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda
pp. 551-560
TL;DR: This paper investigates how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information.
Abstract:
Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week. Many social networking sites have millions of registered users who use these sites to share photographs, contact long-lost friends, establish new business contacts and to keep in touch. In this paper, we investigate how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information. The first attack we present is the automated identity theft of existing user profiles and sending of friend requests to the contacts of the cloned victim. The hope, from the attacker's point of view, is that the contacted users simply trust and accept the friend request. By establishing a friendship relationship with the contacts of a victim, the attacker is able to access the sensitive personal information provided by them. In the second, more advanced attack we present, we show that it is effective and feasible to launch an automated, cross-site profile cloning attack. In this attack, we are able to automatically create a forged profile in a network where the victim is not registered yet and contact the victim's friends who are registered on both networks. Our experimental results with real users show that the automated attacks we present are effective and feasible in practice.
Citations
Proceedings Article (DOI)
Detecting spammers on social networks
TL;DR: The results show that it is possible to automatically identify the accounts used by spammers, and the analysis was used for take-down efforts in a real-world social network.
Journal Article (DOI)
Safebook: A privacy-preserving online social network leveraging on real-life trust
TL;DR: Safebook is a decentralized and privacy-preserving online social network application based on two design principles: decentralization and exploiting real-life trust. Various mechanisms for privacy and security are integrated into Safebook in order to provide data storage and data management functions that preserve users' privacy, data integrity, and availability.
Proceedings Article
Aiding the detection of fake accounts in large scale social online services
TL;DR: SybilRank is a new tool in the hands of OSN operators that relies on social graph properties to rank users according to their perceived likelihood of being fake. It is computationally efficient and can scale to graphs with hundreds of millions of nodes, as demonstrated by the Hadoop prototype.
Proceedings Article (DOI)
The socialbot network: when bots socialize for fame and money
TL;DR: This paper adopts a traditional web-based botnet design and builds a Socialbot Network (SbN), a group of adaptive socialbots orchestrated in a command-and-control fashion, to evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots.
Proceedings Article (DOI)
Privacy wizards for social networking sites
Lujun Fang, Kristen LeFevre
TL;DR: A template for the design of a social networking privacy wizard based on an active learning paradigm called uncertainty sampling, which is able to recommend high-accuracy privacy settings using less user input than existing policy-specification tools.
References
Journal Article
Binary codes capable of correcting deletions, insertions, and reversals
Book Chapter (DOI)
The Sybil Attack
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Journal Article (DOI)
reCAPTCHA: Human-Based Character Recognition via Web Security Measures
TL;DR: This research explored whether human effort can be channeled into a useful purpose: helping to digitize old printed material by asking users to decipher scanned words from books that computerized optical character recognition failed to recognize.
Journal Article (DOI)
Social phishing
TL;DR: Sometimes a "friendly" email message tempts recipients to reveal more online than they otherwise would, playing right into the sender's hand.